Motion Doctor

Consumer Health Data Privacy Policy

Effective Date: May 1, 2026

Last Updated: July 7, 2026

This Consumer Health Data Privacy Policy (the “CHD Policy”) explains how Motion Doctor AI LLC (“Motion Doctor AI,” “we,” “us,” or “our”) collects, uses, shares, and protects “Consumer Health Data” in connection with the Service available at motiondoctor.ai. This CHD Policy supplements our general Privacy Policy and is required by laws including the Washington My Health My Data Act (“MHMD”), Nevada SB 370, and the consumer-health-data provisions of other state laws.

Important: Not a HIPAA-Covered Service

Motion Doctor AI is a wellness and movement-education service. It is not a HIPAA-covered entity or business associate, and the Health Insurance Portability and Accountability Act (HIPAA) does not apply to our handling of your information. Instead, we voluntarily provide the protections described in this CHD Policy and comply with applicable consumer-health-data laws.

1. What Is Consumer Health Data?

“Consumer Health Data” means personal information that is linked or reasonably linkable to you and that identifies your past, present, or future physical or mental health status. In the context of our Service, Consumer Health Data may include:

  • descriptions of pain, stiffness, tightness, restriction, or mobility limitations;
  • affected body areas (e.g., low back, hip, shoulder);
  • self-reported injury history;
  • age range and general physical-condition information you provide as part of the Custom Movement Assessment;
  • messages to our AI coach that disclose health, symptom, or movement information;
  • custom movement programs generated for you;
  • inferences we draw from any of the above to provide personalized programs and coaching.

Consumer Health Data does NOT include de-identified or aggregated data that is not reasonably linkable to you.

2. How We Collect Consumer Health Data

We collect Consumer Health Data directly from you when you:

  • complete the Custom Movement Assessment;
  • send messages to our AI coach;
  • update your goals or preferences in your account; or
  • email or message our support team about your movement, body, or program.

We do not purchase Consumer Health Data from data brokers, and we do not collect Consumer Health Data from third-party sources except as you authorize.

3. How We Use Consumer Health Data

We use your Consumer Health Data only for the following purposes:

  • to deliver the Service to you, including generating your Custom Movement Assessment results, matching exercise videos, building your custom movement program, and operating our AI coach with persistent memory;
  • to communicate with you about the Service, including scheduled in-product check-ins and email reminders;
  • to improve the Service through product analytics performed on de-identified or aggregated data;
  • to maintain security, prevent fraud, and respond to abuse or misuse; and
  • to comply with our legal obligations and enforce our Terms of Service.

We do NOT use Consumer Health Data for:

  • advertising or marketing to you based on your Consumer Health Data;
  • selling or licensing to third parties for their independent use;
  • training third-party AI models;
  • profiling that produces legal or similarly significant effects; or
  • any purpose unrelated to providing or improving the Service.

4. How We Share Consumer Health Data

4.1 Service Providers. We share Consumer Health Data only with the service providers necessary to operate the Service:

  • OpenAI, Inc., for AI-model inference. We have disabled OpenAI’s data-sharing and model-training settings, so OpenAI does not use our customer inputs to train its models. During our beta period, we have enabled OpenAI’s API call logging so our team can review AI coach conversations for quality assurance and debugging. OpenAI retains logged inputs and outputs until we manually delete them or OpenAI’s applicable retention period expires. At public launch we intend to disable this logging, at which point OpenAI’s standard abuse-monitoring retention (typically up to 30 days) will apply. Our processor relationship with OpenAI is governed by OpenAI’s standard Data Processing Addendum (not a HIPAA Business Associate Agreement, as Motion Doctor AI is not a HIPAA-covered service);
  • Supabase, Inc., for encrypted database storage of your account, assessment results, and conversation memory;
  • Resend, for transactional and marketing email delivery (Consumer Health Data is not included in email content beyond what is necessary to operate the Service);
  • Vercel, Inc. and Railway Corp., for hosting infrastructure.

Each of these providers is contractually required to maintain the confidentiality and security of Consumer Health Data and to use it only to provide services to us.

4.2 No Sale of Consumer Health Data. We do not sell Consumer Health Data for monetary or other valuable consideration. We have not done so in the preceding twelve (12) months and we have no plans to do so.

4.3 No Sharing for Targeted Advertising. We do not share Consumer Health Data with third parties for targeted advertising or any cross-context behavioral advertising.

4.4 Legal Disclosures. We may disclose Consumer Health Data only as required by valid legal process (such as a subpoena or court order), and we will, where lawful and feasible, notify you in advance.

4.5 No Geofencing. We do not implement geofences around any healthcare facility, mental-health facility, reproductive- or sexual-health facility, or any other location for the purpose of identifying, tracking, or collecting data from consumers.

5. Retention of Consumer Health Data

We retain Consumer Health Data for as long as your account is active and for a reasonable period thereafter to provide the Service, comply with legal obligations, and resolve disputes. You may delete your Consumer Health Data at any time by deleting your account or by emailing bob@motiondoctor.ai.

6. Security of Consumer Health Data

We use commercially reasonable administrative, technical, and physical safeguards to protect Consumer Health Data, including encryption in transit (TLS), encryption at rest where supported by our database provider, role-based access controls, hashed password storage, and audit logging. Access to Consumer Health Data within Motion Doctor AI is limited to personnel who need it to operate the Service.

7. Your Rights Regarding Consumer Health Data

You have the following rights regarding your Consumer Health Data:

7.1 Right to Confirm and Access. You may confirm whether we are collecting, processing, sharing, or selling your Consumer Health Data, and you may request access to a copy of your Consumer Health Data.

7.2 Right to Withdraw Consent. You may withdraw any consent you have provided to our collection or processing of your Consumer Health Data. Withdrawal does not affect processing that occurred before withdrawal.

7.3 Right to Delete. You may request deletion of your Consumer Health Data from our records and from those of our service providers. We will honor such requests promptly, subject only to narrow exceptions required by law (such as records we must retain for legal-compliance purposes).

7.4 Right Against Discrimination. We will not deny goods or services, charge a different price, or provide a different level of quality because you exercised any of these rights.

7.5 Right to Appeal. If we deny a request relating to your Consumer Health Data, you have the right to appeal. To appeal, email bob@motiondoctor.ai with “CHD Appeal” in the subject line. We will respond within forty-five (45) days. If your appeal is denied, you may contact your state attorney general (e.g., the Washington State Attorney General at agcomplaints.atg.wa.gov) to file a complaint.

7.6 How to Exercise These Rights. To exercise any of these rights, email bob@motiondoctor.ai with a clear description of your request, or write to us at Motion Doctor AI LLC, Conshohocken, PA 19428. To protect your privacy, we will verify your identity before honoring a request, typically by confirming information already associated with your account.

8. Specific Notices for Washington Residents

Under the Washington My Health My Data Act (MHMD), Washington residents have the rights described in Section 7 of this CHD Policy. In addition:

  • We will not collect, use, or share your Consumer Health Data beyond what is necessary to provide the Service without first obtaining your separate, valid consent in accordance with MHMD.
  • We will not sell your Consumer Health Data without your valid written authorization, which we do not currently seek and do not intend to seek.
  • Our service-provider contracts require providers to comply with MHMD and limit their use of Consumer Health Data to providing services to us.
  • You may file a complaint with the Washington State Attorney General if you believe we have violated MHMD.

9. Specific Notices for Nevada Residents

Under Nevada SB 370, Nevada residents have rights regarding consumer health data substantially similar to those described in this CHD Policy. We do not sell consumer health data, and we will not do so without first obtaining your affirmative, express consent.

10. Minors

The Service is for users 18 and older. We do not knowingly collect Consumer Health Data from minors. Our assessment includes an age-confirmation step that blocks users under 18. If we learn we have collected Consumer Health Data from a minor, we will delete it as soon as reasonably practicable.

11. Changes to This CHD Policy

We may update this CHD Policy from time to time. When we make material changes, we will update the “Last Updated” date at the top of this Policy and provide notice through the Service or by email. We will not materially change our practices for collecting, using, or sharing Consumer Health Data without your consent, where required by applicable law.

12. Contact Us

If you have questions about this Consumer Health Data Privacy Policy or wish to exercise any of your rights, please contact us at:

Motion Doctor AI LLC
Conshohocken, Pennsylvania 19428
bob@motiondoctor.ai